This was the year when many historical hacks came back to bite millions just as they were least expecting it.This year many cyber attacks took place which caused almost 3,000 publicly data breaches, exposing more than 2.2 billion records. And the year isn’t even over yet.
Let’s take a look back at some of the biggest — and most dangerous — hacks and leaks so far.
1.Yahoo’s More than 1 Billion Accounts Hacked
Yahoo hack was the biggest hack of this year, that “more than one billion user accounts” may have been stolen by hackers during an attack that took place in August 2013, according to a press release.
This is a separate hack than the one that Yahoo announced back in September, in which as many as 500 million user accounts were compromise.
The stolen user account information may have included “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.”
2. MySpace hack leads to 427 million passwords up for sale
MySpace hack is the second one which leads to steal 427 million passwords for sale
3. 171 million VK.com accounts stolen
VK.com breach leands to a hacker has obtained 171 million user accounts .
VK (originally VKontakte) is the largest European online social networking service with over 350 million users.
The stolen database contains full names, email addresses and plain-text passwords, and in many cases locations and phone numbers.
The hacker selling a smaller portion of the database — 100 million accounts, which is a little over 17 gigabytes in size — on a dark web marketplace for 1 bitcoin, or about $580 at the time of writing.
VK was talking about old logins / passwords that had been collected by fraudsters in 2011-2012. All users’ data mentioned in this database was changed compulsorily.
The hack was thought to have been carried out in late-2012 or early 2013, but the hacker who is selling the data could not be more precise.
4. 117 Million LinkedIn Emails And Password
A hacker was advertising what he says is more than one hundred million LinkedIn logins for sale.
A total of 117 million passwords are said to be included.
The passcodes are encoded, but in a form that appears to have been relatively easy to reverse-engineer.
the fact that LinkedIn had originally “hashed” its passwords but not “salted” them before storing them.
Hashing involves using an algorithm to convert passwords into a long string of digits. Salting is an additional step meant to stop unauthorised parties from being able to work around the process.
LinkedIn had about 165 million accounts at the time of the breach, but the discrepancy in the figures might be explained by the fact that some of its users logged in via Facebook.
The IDs were reportedly sourced from a breach four years ago, which had previously been thought to have included a fraction of that number.
At the time, the business-focused social network said it had reset the accounts of those it thought had been compromised.
5.Hacker puts 51 million file sharing accounts for sale on dark web
User accounts for iMesh, a now defunct file sharing service, were for sale on the dark web.
The New York-based music and video sharing company was a peer-to-peer service, which rose to fame in the file sharing era of the early-2000s, riding the waves of the aftermath of the “dotcom” boom.
LeakedSource, a breach notification site that allows users to see if their details have been leaked, has obtained the database. The group’s analysis of the database shows it contains a little over 51 million accounts.
6.Indian 3.2 million Debit Card Hack
7. Ubuntu Forums hack exposes 2 million users
Ubuntu’s data breach leads to two million usernames, email addresses, and IP addresses associated with the Ubuntu Forums were taken by an unnamed attacker.
The attacker was able to exploit an SQL injection vulnerability in an add-on used by older vBulletin forum software.That gave the attacker access to the forum’s databases, but the company said that only limited user data was accessed and downloaded.
The statement explains that no code or repository data was accessed, and the attacker couldn’t write data to the database or gain shell access. The attacker also didn’t gain access to any other Canonical or Ubuntu service.
